Bitcoin.com News, citing a report published by Quantus, a Layer 1 blockchain company for quantum security, on May 29, warned that more than $2 trillion in digital assets are protected by existing signature systems. Quantus said that once sufficiently powerful quantum computers break these systems, the related assets will face threats, and that the cost of Bitcoin signatures will increase by 70 times.
Technical Risks Confirmed by Quantus: Shor’s Algorithm and the Special Challenges of On-Chain Public Keys
In its report, Quantus confirmed that the core issue is Shor’s algorithm—sufficiently powerful quantum computers can break RSA and elliptic curve cryptography (including ECDSA and Ed25519), which provide security for Bitcoin, Ethereum, and many other blockchains.
Quantus CEO Christopher Smith confirmed: “The crypto industry won’t receive an explicit warning signal before Q day. If action is taken only once the threat is obvious, users will be forced to move assets under pressure.” The special challenge Bitcoin faces is: an estimated 2.3 million to 3.7 million BTC are permanently lost, their owners can no longer control private keys, and these bitcoins cannot be transferred to quantum-secure addresses. In addition, the report confirms that stablecoin administrators’ keys, bridge verifiers, oracle networks, multisig systems, and governance contracts also rely on traditional signature mechanisms.
Response Status and Known Positions Across the Industry
BIP 360 has become one possible path for Bitcoin migration, but Quantus confirmed that it cannot solve all problems, including large-value transactions, limited hardware wallet support, and the handling of un-migrated assets. Signal, Apple, Google, and Cloudflare have confirmed that they are starting to migrate parts of network infrastructure to post-quantum systems.
Gnosis Guild co-founder Auryn Macmillan confirmed: “The only practical solution is to set hard deadlines, requiring account owners to migrate to quantum-secure accounts, after which all tokens held in accounts that are vulnerable to attack will be permanently frozen.” CircuitLabs’ Lana Ivina also confirmed: “Many users may prefer to stay on-chain where the quantum attack surface is smaller and where it has been well understood—especially if that chain has reliable upgrade or migration solutions.”
In its report, Quantus used the term “quantum filter” to describe the potential window during which capital flows from traditional blockchains to quantum-secure networks; it should be noted that Quantus itself is building a quantum-secure Layer 1 blockchain.
Frequently Asked Questions
Why is the threat from quantum computers to blockchains more complex than that to traditional networks?
Quantus’s report confirms that traditional network companies can rotate encryption algorithms through software updates, but once a blockchain public key is on-chain, it remains permanently visible. Migration requires coordinated alignment among wallet developers, exchanges, custodians, validators, and governance entities, facing even more daunting decentralized coordination challenges.
What is the specific technical cost of adopting post-quantum signatures for Bitcoin?
Based on Quantus’s confirmation, a standard Bitcoin ECDSA signature includes an encryption payload of about 97 bytes, while an analogous transaction using the post-quantum scheme ML-DSA-87 is about 7,187 bytes (about 70 times). Without large-scale architectural changes, this will create significant pressure on Bitcoin’s block space and throughput.
What is the current status of NIST post-quantum cryptography standards?
The U.S. National Institute of Standards and Technology (NIST) finalized its first post-quantum cryptography standard in August 2024, providing the core toolset framework for post-quantum migration. Signal, Apple, Google, and Cloudflare have confirmed that they are starting to migrate parts of network infrastructure to post-quantum systems.
